Endpoint Vulnerability

Buffer overflow during image interactions in canvas

Description

Security researcher Looben Yang reported a buffer overflow in the JPEGEncoder function during script interactions with a canvas element. This is caused by a race condition and incorrectly matched sizes following image interactions. This leads to a potentially exploitable crash.

Affected Products

Firefox,Firefox ESR

References

CVE-2015-7189,